by snowwrestler
5101 days ago
It seems to me that a web application should not assist in its own hacking by allowing automated high-speed form submissions. Why should a form that accepts human input accept input much faster than a human can generate it? Limiting form submissions to about one every second per IP should greatly reduce the value of brute force attacks without being perceptible at all to actual users. If you're worried that will be too slow for your users, make it a tenth of a second. That should still be far too slow for enumeration or other brute force techniques to be worthwhile.
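The per-IP limit described in the comment above, sketched as an added example that is not part of the original comment. The class and function names are hypothetical, and the traffic is constructed using documentation-range addresses.

```python
import time
from collections import OrderedDict


class PerIPThrottle:
    """Accept at most one form submission per `min_interval` seconds per client IP."""

    def __init__(self, min_interval=1.0, max_tracked=100_000, clock=time.monotonic):
        self.min_interval = min_interval
        self.max_tracked = max_tracked  # bound memory when many sources connect
        self.clock = clock              # injectable so the logic can be replayed offline
        self._last = OrderedDict()      # ip -> time of last accepted submission

    def allow(self, ip):
        now = self.clock()
        # Entries are ordered by acceptance time: drop those whose interval has passed.
        while self._last and now - next(iter(self._last.values())) >= self.min_interval:
            self._last.popitem(last=False)
        if ip in self._last:
            return False                # faster than the allowed cadence: reject
        self._last[ip] = now
        if len(self._last) > self.max_tracked:
            # Over capacity: forget the oldest entry (that IP is let through early).
            self._last.popitem(last=False)
        return True


def replay(events, min_interval=1.0):
    """Replay (timestamp, ip) submissions; return accepted counts per IP."""
    now = [0.0]
    throttle = PerIPThrottle(min_interval, clock=lambda: now[0])
    accepted = {}
    for ts, ip in events:
        now[0] = ts
        if throttle.allow(ip):
            accepted[ip] = accepted.get(ip, 0) + 1
    return accepted


# Constructed traffic: a script submitting 50 times per second for two seconds,
# and a person submitting the form once every three seconds.
SCRIPT = [(i / 50, "203.0.113.7") for i in range(100)]
PERSON = [(i * 3.0, "198.51.100.4") for i in range(3)]
EVENTS = sorted(SCRIPT + PERSON)

if __name__ == "__main__":
    print(replay(EVENTS))
```

In a real handler a `False` result would typically map to an HTTP 429 response, and `ip` must be the client address as reported by a trusted proxy rather than a client-supplied header.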